Name of the Vulnerable Software and Affected Versions:

Doccure versions prior to 1.4.9

Description:

The Doccure theme for WordPress is susceptible to unauthorized modification of user passwords. This occurs because the plugin allows user-controlled access to objects, enabling bypass of authorization and access to system resources. This allows unauthenticated attackers to alter user passwords and potentially compromise administrator accounts.

Recommendations:

Update Doccure to version 1.4.9 or later.